TME-2307: add support for existing trail with x-account resources #46
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
bachu20
reviewed
Aug 7, 2023
bachu20
reviewed
Aug 7, 2023
sarjumulmi
force-pushed
the
TME-2307-one-module
branch
3 times, most recently
from
8e893b2 to
2ae4192
Compare
sarjumulmi
force-pushed
the
TME-2307-one-module
branch
from
2ae4192 to
94a97a4
Compare
bachu20
previously approved these changes
Aug 8, 2023
There was a problem hiding this comment.
lgtm. Would definitely defer to @davidmontoyago + @ethanmil for reviews before merging it in.
sarjumulmi
commented
Aug 9, 2023
README.md
Outdated
| | <a name="input_expel_customer_aws_account_id"></a> [expel\_customer\_aws\_account\_id](#input\_expel\_customer\_aws\_account\_id) | Account id of customer's AWS account that will be monitored by Expel if it is different than the one terraform is using. This should be the management account id if organization trail is enabled. | `string` | `null` | no | | ||
| | <a name="input_is_existing_cloudtrail_cross_account"></a> [is\_existing\_cloudtrail\_cross\_account](#input\_is\_existing\_cloudtrail\_cross\_account) | For an existing cloudtrail, whether the cloudtrail & the log bucket (& optinally log bucket notifier topic if existing) are in different aws accounts | `bool` | `false` | no | |
There was a problem hiding this comment.
this applies to cases where you have an existing organization cloudtrail but the cloudtrail log bucket account is NOT in the management account.
ethanmil
requested changes
Aug 10, 2023
sarjumulmi
force-pushed
the
TME-2307-one-module
branch
from
f541955 to
ad84d80
Compare
sarjumulmi
force-pushed
the
TME-2307-one-module
branch
from
ad84d80 to
eaa5178
Compare
davidmontoyago
previously approved these changes
Aug 14, 2023
Comment on lines
+95
to
+101
| command: | | ||
| cat > provider.tf \<<EOF | ||
| provider "aws" { | ||
| region = "us-east-1" | ||
| alias = "log_bucket" | ||
| } | ||
| EOF |
sarjumulmi
dismissed stale reviews from ethanmil and davidmontoyago
via
0bc6649
sarjumulmi
force-pushed
the
TME-2307-one-module
branch
from
0bc6649 to
372aeda
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes:
configuration_aliasadded for log bucket account. need to pass in the provider alias for log bucket when invoking the moduleis_existing_cloudtrail_cross_accountvaris_existing_cloudtrail_cross_accountis set to true.expel assume role nameinstead of hard coded string. add type defn fortagsterraform validatebug